Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What you need to know about OAuth 2.0 for incoming mail in Atlassian products

Both Microsoft and Google announced that they will be deprecating Basic Authentication from use on their respective mail servers, Exchange and Gmail.

Microsoft Exchange will disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage in October 2020. For current tenants still actively using Basic Authentication, Microsoft has decided to postpone end-of-support until the second half of 2021 in response to the impact of COVID-19. It is important to note that this is only affecting Microsoft Exchange Cloud. It will not affect Microsoft Exchange Server (on-premises). You can reference Microsoft’s official communications on the matter here, in their February update, and in their latest April update.

Gmail’s end-of-support was planned to happen in two phases, with the first occurring in June 2020, however they have since decided to suspend these deadlines until further notice per their update in March 2020. They want to minimize potential disruptions for their customers unable to complete migrations in this timeframe as customers focus on supporting a remote workforce.

In order to give you as much time as is needed to adequately plan for potential migrations, we will soon be adding OAuth 2.0 authentication methods for incoming email (so far using the IMAP and POP3 protocols) for Jira Software, Jira Service Desk, and Confluence. We will also be backporting the fixes to respective supported Enterprise releases. While we do not typically backport new functionality into our Enterprise releases, this integration is deemed essential given the material impact it may have on our products.

We will update this post with the respective fix versions and Enterprise releases once those are confirmed. We treat this work with highest priority and aim to provide the solution ahead of the deadlines set by Microsoft and Google so that you have time to upgrade. 

Should more information come on new deadlines set in place by Microsoft or Google, we will update the post accordingly. Their decisions to suspend certain deadlines will not impact our work to support OAuth 2.0 in impacted products.

OAuth 2.0 support will require you to make changes to the incoming mail settings and the way you configure the incoming email server. It's a good idea to plan to take the time after your upgrade to review the changes so that your instance's email handlers keep working. See below for a full run down of products that will have a material impact once Microsoft and Google’s respective end-of-support dates arrive. Please note that Bitbucket, Bamboo, FeCru and Crowd are not affected by this change.

Jira Software: If you’ve configured incoming mail servers for Jira using Microsoft or Google as mail service providers, you will need to configure the OAuth2.0 authentication method to allow users to create issues and comments via email. Here’s how:

  1. Upgrade to Jira Software (when OAuth 2.0 support is added, version TBA) or the latest bug fix version of the supported Enterprise releases (7.13 or 8.5).

  2. Configure the OAuth 2.0 authentication method (this step requires System admin rights).

  3. Reconfigure your mail servers to use OAuth 2.0 (this step remains available to Jira admins).

After these steps, users can create issues and comments via email.

Jira Service Desk:  If you’ve configured email channels for your projects using Microsoft or Google as mail service providers, you will need to configure the OAuth 2.0 authentication method to allow customers create requests via email. Here’s how:

  1. Upgrade to Jira Service Desk (when OAuth 2.0 support is added, version TBA) or the latest bug fix version of the supported Enterprise releases (3.16 or 4.5).

  2. Configure the OAuth 2.0 authentication method (this step requires System admin rights).

  3. Reconfigure your email channels to use OAuth 2.0 (this step remains available to Jira admins). Email channels are set up separately for each project.

  4. If you’ve also configured incoming mail servers for your Jira Core projects, you’ll need to reconfigure them, too.

Confluence: In Confluence, OAuth 2.0 support will require you to make changes to plugins that were previously disabled by default and support functionality like reply to comment via email. When we add OAuth 2.0 support to Confluence (TBA), these plugins will be automatically enabled and allow end users to create a space or page, or comment on a page, directly from their email. If you’ve previously enabled these plugins, you may need to review these changes before you upgrade.

For those who are interested, feel free to watch the following ticket for updates, EAP announcements and more: JRASERVER-63917.

9 comments

Hi @Brian Keough - is Jira Cloud already prepared for the changes? - in your article you just mention the Server Instances...

Like Jonah McIntire likes this

We have successfully configured incoming mail to work with OAuth 2.0 and MS mail, but we need to use it with service desk email channels. Currently in v4.10.0 ,  Microsoft is not an option in email channels.  Only Google is available to use with OAuth 2.0.  

Is Microsoft email planned for a future release, or can it be configured to work now?

Hi @Bob Regent,

We're actively working on adding Microsoft support just now in JSD and will be released very soon (planned well before the October deadline for basic auth on new Microsoft accounts being disabled).

Thanks,

Craig.

Jira Service Desk

When will proper OAuth 2.0 email integration be in place for helpdesk via Cloud? Google stopped their less secure applications (what you call basic) access in March 2020. Its now end of July 2020. OAuth 2.0 isn't cutting edge, this is frankly an embarassment to not be supported right now. What's the timeline?

Jason D Cruz Atlassian Team Jul 23, 2020

Hi @Jonah McIntire ,

I'm one of the product managers on Jira Service Desk Cloud.

Google have indefinitely postponed the disabling of access for less secure applications, you can read more about their decision here.

We are committed to bringing OAuth 2.0 functionality on Jira Service Desk Cloud for Google and will align our timelines to any revised dates provided. I'd request you to follow this ticket for updates on the timelines for OAuth 2.0 for Google.

Thanks,
Jason

Like Craig Shannon likes this

@Jason D Cruz with respect, the page you linked to is clear about why OAuth 2.0 is something Atlassian should be adding now, not at the last minute when Google or others force it. Here is their exact statement from the announced delay to ending support:

"Despite these timing adjustments, Google does not recommend the use of any application that does not support OAuth. We recommend that you switch to using OAuth authentication whenever possible for your organization. OAuth helps protect your account by helping us identify and prevent suspicious login attempts, and allows us to enforce G Suite admin-defined login policies, such as the use of security keys."

Google calls this form of integration "less secure apps" for a good reason. And they postponed their ending of support 45 days before it was scheduled to stop so Atlassian was already down to the wire on a ticket that was created in January 2018. 

Jason D Cruz Atlassian Team Aug 06, 2020

Hi @Jonah McIntire , thank you for the comment. We are looking to move to OAuth 2.0 for both Google and Microsoft.

Regarding tiemlines, our current priority is to focus on completing the work for Microsoft due to a deadline in October that will impact both new and inactive Microsoft accounts. After that work is completed we would be in position to provide more concrete information around the plan for Google on JSD Cloud.

Oauth2 is not stable with Google. I have starter license and jira not allowing me to create the support ticket but its a bug on jira side and my system is getting field

 

I have created oauth2 and test connection is successfully.

But when trying to use on service desk project for email request, then giving error 

OAuth token not defined for connection. OAuth Authorisation required."

2020-08-18 11:02:01,277+0000 http-nio-8080-exec-18 ERROR Ramzan 662x250340x1 pc5x1d 46.152.45.18,127.0.0.1 /rest/servicedesk/1/servicedesk/NTEST/incomingemail/oauth/validateandsaveflow/0a95c98c-5ade-4391-93f4-129f897966f8 [internal.rest.emailchannel.EmailChannelResource] Failed to validate and save token: jep.mail.connection.verifier.unknown.error : 'Here's the error we received: "[AUTHENTICATIONFAILED] Invalid credentials (Failure)"'

Hi @Muhammad Ramzan 

Thanks for bringing this to our attention. I have replied to your question.

Thanks,

Craig.

Jira Service Desk

Like Andy Heinzer likes this

Comment

Log in or Sign up to comment
TAGS
Community showcase
Posted in Feedback & Announcements

Developer Day is next week – check out the agenda!

Hey there, community! Hope everyone is well and safe! ✨ The last few months have been busy – especially with the judging + picking of our Codegeist 2020 winners, the launch of Atlassian Ventures, a...

218 views 1 7
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you